I haven’t written for a long time, and it feels like the first time again, so please be merciful, and I hope you’ll find this post helpful.

I learned that changes in big organizations take some time, sometimes too long. I asked our developers to hand me a full web installation instead of a long and tedious installation guide. The Web Deploy tool was the best solution for me, but no one knew how to use it, and the installation guides piled up.

The Web Deploy tool helps administrators or developers deploy Web applications and Web sites to IIS servers. It can also be used to synchronize IIS servers or to migrate from an older version to a newer one. For more information visit the following site.

A Web Deploy package can be built from the command line or by the IIS GUI extension (not so user friendly, but very efficient). In this post I’ll try to show you how to use the tool, through an example.

Tool Prerequisites

This guide requires the following prerequisites:

.NET Framework 2.0 SP1 or greater

Web Deployment Tool

IIS 7.0 or above, or IIS Remote Manager

Note: Don’t forget to back up your site before testing the tool.

Prerequisites if you’re using SQL

Note: The second and third pre-requisites will be installed automatically if you install the Web Deployment Tool using the Web Platform Installer

Remote Agent Service – An administrator-only service, based on HTTP/HTTPS, that allows server administrators to connect and perform remote operations.

The remote service is not started by default and is set to Manual startup. It is only required to have it running during an operation, and it can be stopped when not in use.

–> Complete the installation operation

Create a Site package through the IIS Manager

–> Open the IIS Manager using its icon or by typing ‘inetmgr’ at command line

–> In IIS Manager, expand the Server node and the Sites node, then select the source site (From which you will create your installation package)

–> Right click and select Deploy/Export Application

–> By default Web Deploy is configured to export an application, which cannot be imported as a new site, therefore if the goal is to make a site package we need to change this default behavior.

–> As you can see the export operation is for a web application only.

–> If you try to import the package as a new site you will get the following error message

Changing the default Content settings

–> The first step in changing the default settings is to click on the ‘Manage Components’ button.

–> Change the provider name to ‘appHostConfig’, then the package will be a site package instead of an application package.

–> Click on the OK button to see the result (as above)

–> If you continue with the installation wizard (by clicking on the ‘Next’ button), you will see that two new parameters were created for you. These parameters allow you to change the package’s default settings before and/or during the import of the package.

–> The first parameter defines the site path of your site, and the second defines the physical path on the disk.

–> By double clicking on the parameter name (Parameter 1 for instance), you can change the default settings: change the name of the parameter (it is more convenient to manage your parameters this way), change the description of the data, set the default value of the parameter and more.

The parameters window after the change

During the import process you can change the values of these parameters

Now you can define the application pool

–> Go back to the Manage Components Page

–> Add a new provider by selecting ‘AppPoolConfig’ from the list (on the next available line).

–> The Application Pool must be created first, so change the order of the tasks, set the application pool to be the first step (use the ‘Move Up’ button).

–> Click NEXT to edit the application pool parameter.

Note: Surely the operator, who imports the package later on, can change the Pool name, but then the import will fail (unless the original pool already exists), so I do recommend deleting it.

Note: If the application pool contains user and password, you will get a prompt to enter a password for the package (Use this password to open the package, when importing)

Adding Site Binding

An IIS server can host more than one site, but the sites must differ in their site bindings (IP, port or hostname); only then can they coexist on the same IIS host server. A new parameter can be added to achieve this goal.
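The same site package built from the command line instead of the IIS Manager wizard, as an added example that is not part of the original post. The msdeploy.exe install path, the site and pool names, the working folder and the binding values are assumptions.

```powershell
# Added example, not the post's own code. Names, paths and bindings are assumptions.
$msdeploy = "$env:ProgramFiles\IIS\Microsoft Web Deploy V3\msdeploy.exe"  # assumed install path
$site     = 'Contoso Site'      # hypothetical source site
$pool     = 'ContosoPool'       # hypothetical application pool
$workDir  = 'C:\Packages'       # hypothetical working folder (must exist)
$manifest = Join-Path $workDir 'site-manifest.xml'
$package  = Join-Path $workDir 'ContosoSite.zip'

# appHostConfig makes this a site package rather than an application package.
# The pool is listed first, the order the post sets with the 'Move Up' button.
@"
<sitemanifest>
  <appPoolConfig path="$pool" />
  <appHostConfig path="$site" />
</sitemanifest>
"@ | Set-Content -Path $manifest -Encoding UTF8

# Prompt for the package password (needed when the pool has an identity and
# password) instead of storing it in the script.
$secure = Read-Host 'Package encryption password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# One array element per msdeploy argument, so PowerShell does not re-split
# the colons, commas and spaces inside them.
$export = @(
    '-verb:sync'
    "-source:manifest=$manifest"
    "-dest:package=$package,encryptPassword=$plain"
    # Binding parameter, so the operator can pick a free IP/port/hostname on import.
    "-declareParam:name=SiteBinding,kind=DestinationBinding,scope=$site,defaultValue=*:8080:"
)
& $msdeploy $export
if ($LASTEXITCODE -ne 0) { throw "Export failed with exit code $LASTEXITCODE" }

# On the destination server: -whatif lists the changes without applying them.
$import = @(
    '-verb:sync'
    "-source:package=$package,encryptPassword=$plain"
    '-dest:auto'
    '-setParam:name=SiteBinding,value=*:8081:'   # constructed binding value
    '-whatif'
)
& $msdeploy $import
```

Remove `-whatif` only after the dry-run output shows the expected site, pool and binding.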

Enterprise computers occasionally lose the secure channel with their domain, for various reasons. To regain the secure channel, our helpdesk simply disjoins the workstation/server from the domain, reboots the machine, adds the computer to the domain and reboots again. This process is simple but very tedious. Of course, you can always try the Netdom/NLTest commands; personally I prefer using the Network ID wizard:

Under system properties select the computer name tab

Click on Network ID button

Click on NEXT and select the first option in the new window

Click on NEXT and select the first option again

Click on NEXT

Fill in your admin account details – account name, password and domain name

Should be an account which has the right to add computers to the domain

The machine account probably exists in the domain, so you will be asked to use it, answer YES

If you use the administrator account you don’t need to add it again to the local administrators group

Click NEXT and finish the wizard.

In the following window (the System Properties window) click on the OK button.

Now you will be asked to reboot your machine, click YES

As my friend Omer Riff says, “Sha Ba Boom”: your computer is part of the domain again.
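A scripted alternative to the wizard and to the disjoin/rejoin routine, as an added example that is not part of the original post: it checks the secure channel, repairs it in place only when the check fails, and falls back to NLTest output for diagnosis. It assumes an elevated PowerShell 3.0 or later session on the affected machine; the function name is hypothetical.

```powershell
# Added example, not code from the post. Run elevated on the affected machine.
# Requires PowerShell 3.0+: Test-ComputerSecureChannel has no -Credential in 2.0.
function Repair-SecureChannel {
    param(
        [string]$Server   # optional: a specific domain controller to repair against
    )
    $result = New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        Domain        = (Get-WmiObject Win32_ComputerSystem).Domain
        HealthyBefore = $false
        Repaired      = $false
        HealthyAfter  = $false
    }

    # Read-only check first: $true means the channel to the domain works.
    $result.HealthyBefore = [bool](Test-ComputerSecureChannel)
    if ($result.HealthyBefore) {
        $result.HealthyAfter = $true
        return $result
    }

    # Prompt only when a repair is needed. The account must have the right to
    # reset this computer's account, the same right the wizard asks for.
    $repair = @{ Repair = $true; Credential = (Get-Credential) }
    if ($Server) { $repair.Server = $Server }
    $result.Repaired = [bool](Test-ComputerSecureChannel @repair)

    # Verify again without -Repair so the report reflects the real state.
    $result.HealthyAfter = [bool](Test-ComputerSecureChannel)
    if (-not $result.HealthyAfter) {
        # Keep NLTest's view of the failure for the helpdesk ticket.
        nltest "/sc_verify:$($result.Domain)" |
            Where-Object { $_ } |
            ForEach-Object { Write-Warning $_ }
    }
    return $result
}

Repair-SecureChannel | Format-List Computer, Domain, HealthyBefore, Repaired, HealthyAfter
```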

Recently I was asked to adjust my Client Right Click Tools to the new SCCM version (System Center Configuration Manager 2012). Quite a challenge, but I decided to give it a try. I downloaded the new ConfigMgr 2012 SDK, a very good resource I must add, and started to read. I had to make some interface changes as well as scripting code adjustments:

The tools can be reached from the ribbon and/or from the context menu:

Selecting a device in a collection invokes the SCCM Tools ribbon

The old report mechanism was removed, and the SQL report server took its place, so reports look a bit different. The advertisement reports were renamed to deployment reports:

My SCCM right click tool collection (those I collected and those I wrote) was based on VBS, Batch and HTA, so Shay Levy, my friend and a PowerShell guru, suggested that I should write a new set of tools based on PowerShell and Windows Forms. I could not say no to such a challenge, so I began working on a new project. My right click toolkit is divided into three sections: Site Tools, Collection Tools and Systems Tools. In this post I will discuss the client (system) tools.

Microsoft PowerShell version 2 is a powerful tool and has many useful cmdlets; nevertheless, the absence of account management cmdlets is evident. Microsoft has published an Active Directory module with Windows 2008 R2, but you must meet this condition:

“If you want to use the Active Directory module in Windows 7 to remotely manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, you must have at least one Windows Server 2008 R2 domain controller in your domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server”.

Occasionally I need to administer local accounts on my servers and workstations, for instance to change the local admin password, add new local admins, create local application users (even though I don’t like it very much), check local group membership and so on. I thought that if Microsoft cannot help I should do it myself, and I wrote my own module.

Ping-them was originally designed to validate computer accounts in Active Directory, even though it can be used for testing any given IP addresses. In this version I added IP resolving, which enables you not just to ping the target IP, but also to resolve its system name (WINS/DNS). The resolved names will appear under “Ping Results”.

A new IP list TAB was added, containing the IP list of all target computers.

I believe that someone at Microsoft thought about us when they invented the new license mechanism. KMS and MAK are the new sheriffs in town, guarding against software piracy.

Key Management Service (KMS) enables organizations to activate computers in a managed environment without connecting to Microsoft individually. Computers running Windows OS/Office (Vista/Server 2008/Office 2010 and above) activate by connecting to a central Windows computer running the KMS service, which connects to Microsoft on their behalf. KMS usage is targeted at managed environments where more than 25 workstations / 5 servers are consistently connected to the organization’s network.

Clients must renew their activation by connecting to the KMS Host at least once every 180 days. Clients not yet activated will attempt to connect with the KMS host every two hours (you can configure this value). Once activated, they will attempt to connect to the KMS host every seven days (configurable too). Clients have a 30-day grace period to complete activation. Clients not activated within this time period will go into Reduced Functionality Mode (RFM).

Download KMS 1.1 to host KMS on Windows Server 2003 (it is already included in Windows 2008 and above) and enable activation of Windows Vista and Windows Server 2008. To extend KMS support to provide activation for Windows 7 and Windows Server 2008 R2, download the following update: KB968915.

Multiple Activation Keys (MAK) can activate a specific number of computers. They are not used to install Windows but rather to activate it after installation. Activation can be performed over the Internet or by telephone. You can check the number of remaining activations from the MVLS Web sites and request additional activations by contacting the Microsoft Activation Call Center.

Product key groups. Windows OS (Vista/Server 2008 and above) comes in a variety of editions. Microsoft wanted to simplify activation for volume customers, so they created product key groups for volume OS editions, but when they first issued these license groups someone forgot to tell us about it.

Closed network

A private/secured/Lab network which cannot access the Internet raises an interesting issue – how to activate computers within this network, when you don’t have outbound connections?

The first option is to install the KMS service and activate it by phone, but you’ll need to reactivate every 180 days. In my opinion this method is most suitable for dynamic networks, meaning networks with a rotation of computers and servers, or if you have more than a few computers.

The second method is to activate your MAK by phone, and believe me, you “don’t want to try it at home”. This is a tedious process, especially if you need to activate more than one computer.

The alternative is to use the VAMT (Volume Activation Management Tool). Using VAMT is still a long process, but less painful: